John Hopkins spokesman Dennis O'Shea told the Sun that the hacker contacted university officials on March 5, 2014, threatening to release the information if the university didn't provide passwords to its servers.

The initial breach appears to have occurred in November of 2013.

The information accessed by the hacker didn't include Social Security numbers, birthdates or financial information, though it did contain some student evaluations of classes. "Identity theft does not appear to be a serious issue here," O'Shea told the Sun. "Nevertheless, we felt it was important to notify our students, faculty and staff, and alumni."

"We will continue to pursue the facts concerning this incident and, of course, will assist the FBI in any way we can," the university said in a statement. "The internal review will attempt to answer, among other things, why the course-related data was on the server for a department Web site, why it was vulnerable to attack and why it was not cleansed of outdated information. This information will help us take action to minimize the risk of any future occurrence."

Loading Comments...

Advertiser Disclosure: Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.